Computer Misuse, Breach of Confidence & Privacy Flashcards
What is the Computer Misuse Act 1990?
The Computer Misuse Act (CMA) 1990 is a key piece of legislation that criminalises the act of accessing or modifying data stored on a computer system without appropriate consent or permission.
What is section 1 of the Compute Misuse Act 1990?
Section 1 of the CMA legislates against unauthorised access to computer material
What is section 2 of the Compute Misuse Act 1990?
Section 2 of the Act creates an offence of securing unauthorised access to computer material with intent to commit or facilitate a further offence
What is section 3 of the Compute Misuse Act 1990?
Section 3 of the CMA concerns offences committed through unauthorised acts with intent to impair, or with recklessness as to impairing the operation of a computer
What is section 3ZA of the Compute Misuse Act 1990?
Section 3ZA is primarily aimed at those who seek to attack the critical national infrastructure (note that depending on the motives of the perpetrator, terrorist legislation may be appropriate)
What is section 3A of the Compute Misuse Act 1990?
Section 3A of the CMA creates offences designed to criminalise those who make or supply “malware”. CPS advises prosecutors to “take care when considering software that can be used both legitimately and illegitimately. Whether an offence has been committed will depend on demonstrating that the offender has the necessary intent, as the act does not criminalise possession in itself”.
What was R v Gold & Schifreen 1988?
The Computer Misuse Act 1990 came into existence because of R v Gold & Schifreen (1988), one of the most important early cases in IT law in the UK. In 1984 / 1985, Robert Schifreen and Stephen Gold, using conventional home computers, gained unauthorised access to BT’s Prestel interactive viewdata service, even gaining access to the personal message box of Prince Philip. Schifreen shoulder surfed or eavesdropped the password of a Prestel engineer at a trade show (username was 22222222 and the password was 1234!)
Both men were charged under the Forgery and Counterfeiting Act (which was the closest legislation in existence at the time). They were tried at Southwark Crown Court, were found guilty, and fined £750 and £600. They appealed to the Criminal Division of the Court of Appeal and won the appeal. Prosecutors appealed to the House of Lords (now the Supreme Court) but defendants also won decision at HoL on the basis that:
“The language of the [Forgery and Counterfeiting] Act was not intended to apply to the situation which was shown to exist in this case. The attempt to force these facts into the language of an Act not designed to fit them produced grave difficulties for both judge and jury which we would not wish to see repeated. The appellants’ conduct amounted in essence, as already stated, to dishonestly gaining access to the relevant Prestel data bank by a trick. That is not a criminal offence. If it is thought desirable to make it so, that is a matter for the legislature rather than the courts.” – Lord Brandon
At this point it looked a bit like hacking might be legal in the UK. In 1988, the House of Lords’ ruling in R v Gold & Schifreen gave rise to legal opinion that as the law stood, computer hacking was not technically unlawful in England and Wales. It fell to the English Law Commission to come up with a solution, remembering that at this point technology was becoming increasingly popular with consumer users and not just big businesses. Hacking needed a new law, and this law was the Computer Misuse Act 1990.
What is breach of confidence?
A claim to protect confidential information. Typically, the information concerned must: have the necessary quality of confidence; have been communicated to a recipient in circumstances imparting on obligation of confidence; and been used in an unauthorised manner.
What are the three elements to an action of breach of confidence?
- Confidential information
- Disclosed in circumstances of confidence
- Actual or threatened disclosure
What is confidential information?
Confidential information is generally defined as information disclosed to an individual employee or known to that employee as a consequence of the employee’s employment at a company. This information isn’t generally known outside the company or is protected by law. Confidential information can include information in any form, such as written documents/records or electronic data.
What are 3 circumstances in which revealing information will likely give rise to an obligation of confidence?
- An obligation imposed by contract – for example, non-disclosure agreements.
- An obligation implied because of the circumstances of disclosure – this is determined on the basis of whether a reasonable man standing in the shoes of the recipient of the information would have realised that the information was being given to him in confidence.
- An obligation implied because of the special relationship between the parties concerned – for example, employer/employee relationships.
What is a non-disclosure agreement?
An NDA is a legal contract. It sets out how you share information or ideas in confidence. Sometimes people call NDAs confidentiality agreements.
What is the controversy surrounding the computer misuse act?
The main problem is that the act makes it illegal to access a computer system without consent, regardless of the system involved.
the law has been controversial for its failure to protect legitimate security research through its loose definition of “unauthorized access” and potential criminalization of certain hacking tools.
How did the serious crime act 2015 alter CMA 1990?
SCA introduced 3ZA for serious crimes
for the locations it also introduced:
The accused is in the home country at the time of the offence
The target of the CMA offence is in the home country
The technological activity which has facilitated the offending may have passed through a server based in the home country
What are the circumstances under which the Computer Misuse Act 1990 came into force?
The Act was drawn up after the failure to charge the hackers of Prestel - BT’s nascent email system at the time – and was designed to deal with hacking, unauthorised access to computer systems and intentionally spreading malicious software (malware), such as viruses.